Josef Brunner
2007-Apr-18 12:36 UTC
[Bridge] Problem with default vlan and stateful bridging (2nd try)
Hi folks, hope you can help me! I am using bridging to secure my network. I want to do some kind of content filtering (IPS using content matching) in my local network. I wrote a little helper program that does that job. But that's not the problem.

The problem is that I need to use bridges in my local network as I have trunk ports. Using bridges works fine for me in the DMZ and to the internet, but if I integrate the bridges in my local network I am not able to access the default VLAN (which is VLAN 2). The ports in the DMZ are access ports, not trunk ports.

The attached file illustrates my problem (at least I hope it does ;) ). As you can see, I am using Cisco switches (4500) for the different departments and Cisco Catalyst 6000 for core switching. These switches provide some VLANs (VLAN 2 is default). As soon as I use the bridges as inline systems (without any filtering at layer 2, 3 or 7) I am not able to access VLAN 2 anymore. Even on the same switch!

Here is an example: please have a look at the attached picture. If I want to access a device connected via an access port in VLAN 2 from VLAN 106, I am not able to get the device on the same switch. I am also not able to get devices at other switches (access port VLAN 2) that are "secured" by the bridges. But if I want to access an end point (VLAN 2 device) from an end point device connected to a switch that is secured with a bridge to an end point device in VLAN 2 (or any other VLAN) that is connected to a switch that is not secured by a bridge, I am not able to access the device! (what a sentence!)

Furthermore: all switches (layer 3) are not able to communicate with each other (all VLAN 2 as it is the default VLAN) if they are secured with bridges. The most weird thing for me is that I am not able to access VLAN 2 devices from another VLAN connected at the same switch as soon as I use the bridge!
Some things I already thought about that may create my problem (what do you think about these points):

* MAC address learning: as I use VLANs, the same MAC address is available in several VLANs. Could it be that the bridge interface has a problem with this?
* Stateless / stateful: may it be possible that the kernel and the routing ability create some problems, as the box is working stateful and has routing enabled?

Information:
The kernel is compiled with 802.1q support.
The switches secured with bridges are not able to get the MAC address of the other switches secured with bridges.

I really hope you know what to do to solve my problem as I am totally overextended. Thanks for your help in advance,
Josef

PS. Sorry if this email was sent twice.